VYPR

Mybulletinboard

by PhpBB

Source repositories

CVEs (74)

  • CVE-2006-0959Mar 2, 2006
    risk 0.03cvss epss 0.04

    SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be…

  • CVE-2006-0470Jan 31, 2006
    risk 0.03cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection.

  • CVE-2005-3326Oct 27, 2005
    risk 0.03cvss epss 0.02

    SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.

  • CVE-2005-2697Aug 26, 2005
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282.

  • CVE-2005-2580Aug 16, 2005
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5)…

  • CVE-2005-1833May 31, 2005
    risk 0.03cvss epss 0.02

    Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to…

  • CVE-2018-19202Apr 11, 2019
    risk 0.00cvss epss 0.01

    A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter.

  • CVE-2018-19201Mar 29, 2019
    risk 0.00cvss epss 0.01

    A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter.

  • CVE-2007-1964Apr 11, 2007
    risk 0.00cvss epss 0.01

    member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password…

  • CVE-2006-4971Sep 25, 2006
    risk 0.00cvss epss 0.01

    MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.

  • CVE-2006-4972Sep 25, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in archive/index.php/forum-4.html in MyBB (aka MyBulletinBoard) allows remote attackers to inject arbitrary web script or HTML via the navbits[][name] parameter.

  • CVE-2006-4706Sep 12, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via a url BBCode tag that contains a javascript URI with an SGML numeric character reference and an embedded…

  • CVE-2006-4707Sep 12, 2006
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in admin/global.php (aka the Admin CP login form) in MyBB (aka MyBulletinBoard) 1.1.7 allows remote attackers to inject arbitrary web script or HTML via the query string ($_SERVER[PHP_SELF]).

  • CVE-2006-3954Aug 1, 2006
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

  • CVE-2006-3953Aug 1, 2006
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

  • CVE-2006-3760Jul 21, 2006
    risk 0.00cvss epss 0.01

    Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2006-3761Jul 21, 2006
    risk 0.00cvss epss 0.03

    Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference in the url BBCode tag, as…

  • CVE-2006-3758Jul 21, 2006
    risk 0.00cvss epss 0.01

    inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the…

  • CVE-2006-3759Jul 21, 2006
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation."

  • CVE-2006-3420Jul 7, 2006
    risk 0.00cvss epss 0.02

    Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a…